I can't really understand what you're trying to do here. What is this URL? Where is it being used to be dangerous? Is it in activerecord code?
If it is and you're following the best practices (using placeholders for your conditions), this isn't a problem (as Frederick has already explained).

- Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)

On Sun, Dec 21, 2008 at 12:00 AM, Ben Knight <[email protected]> wrote:
>
> I've actually worked with Rails for 2+ years and published articles
> about it, so I hope I'm not over-thinking things :-)
>
> However, we recently began getting very long URLs with invalid
> parameters, which is what got me thinking of these
> things. This is 10% of how long the URLs are -- imagine this string
> times 10:
>
> {our domain}/4/pick-up-your-toys?code=+%0d%0ahttp%3a%2f%2fwarn1207.hostevo.com%2fhome-rentals-in-brunswick.html+home+rentals+in+cape+cod+%0d%0ahttp%3a%2f%2fpetr3549.yourfreehosting.net%2fbaked-scrod-recipes.html+baked+spasagna+recipe+%0d%0ahttp%3a%2f
> --
> Posted via http://www.ruby-forum.com/.

